[
https://issues.apache.org/jira/browse/VELOCITY-516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12473912
]
Vincent Massol commented on VELOCITY-516:
-----------------------------------------
Hi Will,
Here's a fix: replace null with "iterator" (for example, or anything really, an
empty name, a dummy name).
Thanks for taking care of this. We're using Velocity in XWiki and for now I've
created our own SecureUberspector but I'd love to be able to remove it and
depend on the standard and default one you're providing.
Thanks
-Vincent
> SecureUberspector doesn't work with #foreach (iterators)
> --------------------------------------------------------
>
> Key: VELOCITY-516
> URL: https://issues.apache.org/jira/browse/VELOCITY-516
> Project: Velocity
> Issue Type: Bug
> Components: Engine
> Affects Versions: 1.5 beta2
> Reporter: Vincent Massol
> Priority: Critical
>
> When using a #foreach iterating over strings I get: "Cannot retrieve iterator
> from object of class [Ljava.lang.String; due to security restrictions."
> The reason is that in the SecureUberspector class there's a call to
> checkObjectExecutePermission() with the second parameter being null. And in
> checkObjectExecutePermission() there's:
> {code}
> if (methodName == null)
> {
> return false;
> }
> {code}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
